July 1, 2020
By Caity Witucki
Contributing Editor, C-Suite Wednesday
C-Suite Wednesday – OCC Says PPP Poses Compliance Risk
On Monday, the Office of the Comptroller of the Currency (OCC) reported that financial institution profitability is at risk due to a decline in economic conditions brought on by the coronavirus pandemic. According to the report, financial institutions are already seeing increased customer forbearance requests and higher provisions for loan losses. Although programs to aid in economic recovery, such as the Paycheck Protection Program (PPP), have improved market liquidity, the OCC says those programs now pose a potential compliance risk for lending institutions.
“Compliance risk is elevated due to a combination of altered operations, employees working remotely, and the requirement to operationalize new federal, state, and propriety programs designed to support consumers such as the CARES Act, Paycheck Protection Program, and a variety of forbearance and deferred payment programs,” says Acting Comptroller Brian Brooks. “Among other challenges these conditions complicate the compliance responsibilities associated with managing high transaction volumes and various programs of consumer and business lending in a weakened economy.”
According to the semiannual report, the high volume of PPP applications and the short processing time frames particularly elevate financial institution risks. “These conditions may complicate BSA, consumer protection, and fair lending compliance responsibilities associated with underwriting and opening new accounts, monitoring customer activity, communicating with customers, and timely meeting BSA and Office of Foreign Assets Control (OFAC) reporting requirements,” says Brooks.
To avoid non-compliance with federal financial institution regulations, the OCC notes that some lending institutions are using innovative technologies and third parties, including fintech firms, to help manage economic recovery programs. However, the OCC warns that risk management departments should maintain effective controls for third-parties to ensure that there are no operational errors or cybersecurity risks.